About using sudo

Sudo is a program for Unix-like computer operating systems that lets users run programs using the security privileges of another user (by default, the superuser).

Sudo lets you configure highly restricted user privileges on a remote device (refer to the commands listed in the table below). This new sudo option offers a more secure connection because root access is no longer required. Root access meant that if user account credentials were compromised, all other data on the remote device was potentially compromised, as well.

When using sudo with Trust Protection Platform, consider the following limitations and requirements:

• Workflow (SSH) Command Injection is not supported with sudo unless the injected commands are prefixed with sudo and no password is required by sudo to execute them.
• Only one certificate can be provisioned at a time to the same device when using sudo (the Concurrent Connection Count must be 1).
• The sudo account used by Trust Protection Platform must have read and write permissions to the temp directory, as well as permissions to transfer files to and from the temp directory using SFTP.
• sudo can only be used with Venafi drivers that make use of an SSH command-line interface and is only supported by platforms that use a standard, non-proprietary command shell.

When sudo is enabled, each command executed remotely on a device is prefixed with “sudo” to have the command execute in a privileged security context. The sudoers file governs which commands and which users are allowed. It can also specify whether or not the user must enter their password when prompted, an optional configuration that is supported by Trust Protection Platform.

For additional information and resources regarding sudo, visit the following websites:

• http://www.sudo.ws/
• https://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html

Related Topics